Additional required other products

User level

Intermediate

In this article, you will learn how Adobe Media Server(AMS) can be configured to send logs to a remote logging server. This technique separates the software that generates messages from the system that stores them and the software that reports and analyzes them. Centralized logs management can be used for security auditing as well as generalized informational analysis, and debugging messages in clustered environments.

Configuring AMS to enable remote logging

Adobe Media Server has a variety of log files to help you manage and troubleshoot the server. The log files track server activity, such as who is accessing the server, how users are working with applications, and general diagnostics. Logs are in W3C format. Administrators can use standard parsing tools to parse the log files.

Adobe Media Server can be configured to send logs to a remote logging server over UDP. To enable this, open the Logger.xml file in a text editor. The Logger.xml file is located in the root_install/conf folder.

In the Logger.xml file, search for the <LogServer> tag. This tag has multiple occurrences in the Logger.xml file. You have the flexibility of sending different type of logs to different remote servers.

To enable remote logging for a particular type of log, set the enable attribute to true. Set the type of connection to use by specifying the type attribute as udp, which is the default. The section you need to edit is highlighted in Figure 1. After setting these configurations, restart the AMS Server.

Figure 1. Enabling remote logging for Access logs

Setting up syslog as a remote logging server

Syslog is a standard for computer data logging. I have chosen it because it is installed on most Unix-based systems. The following steps demonstrate using AMS to log messages to a remote syslog server. It assumed that you have the required permissions to edit and restart services on the system where syslog is installed.

Verify syslog installation

The first step in the process is to check if syslog is running on the system, or else install it. You can test if syslog is running by executing the following command:

Test that syslog is listening

Use netstat to check if syslog has started and is listening. By default, most of syslog's listening activity is over port number 514:

>netstat -a |grep syslog
udp 0 0 *:syslog *:*

Test that syslog is accepting messages over UDP

You can use NetCat/Nmap(ncat) to test:

>nc -u localhost 514
>Hello syslog

It should print "Hello syslog" in /var/log/messages. You should also try to send a UDP message from the system where AMS is installed. If it is a Windows system, you can use ncat (which comes with the nmap installation):

>ncat -u remote_syslog_server_ip 514

If you are not able to see the message, please diagnose further: for instance, check to see if your firewalls allow UDP packets to reach the remote logging server.

Configure AMS to send log messages over UDP

To enable remote logging for AMS access logs, in the <LogSever> tag, set the enable attribute to true . Provide the syslog server IP address and port (514) and also set the connection type to UDP; then restart the AMS server. The section you need to edit is highlighted in Figure 3.